28e46e7849e988804a723b92089c39e5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

28e46e7849e988804a723b92089c39e5
Size

34KB
MD5

28e46e7849e988804a723b92089c39e5
SHA1

956f599cd5f189fb79990bfe544c90b3876564a2
SHA256

703a267df614ecd64c6006b664eb88b711fc89a53f7084ff3309f16f3293eacf
SHA512

251eda6dc94b559bc4d7d13efe2982dfde23df3d7d925365d402b74d024ae653df6bb45961b2826414da776a87976938cfcad68343e7f9e82a7a39b20a47d2e8
SSDEEP

768:UWxeGlvRUCbipyTWGsJUPtYFTetzuWARCLn4BiKtzIT4t5H5X3OFsCLSttX+:OKPbipyTWGIUPtwetz/Ln4dzE4jH5X3u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28e46e7849e988804a723b92089c39e5

Files

28e46e7849e988804a723b92089c39e5
.sys windows:4 windows x86 arch:x86

34854c4356bfa473ea31ee016139b97c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

isspace
RtlInitUnicodeString
strchr
_snprintf
ExFreePool
ExAllocatePoolWithTag
ZwQuerySystemInformation
ZwMapViewOfSection
ZwClose
ZwCreateSection
ZwOpenFile
ZwCreateFile
ZwSetValueKey
ZwOpenKey
ZwEnumerateKey
toupper
isupper
atoi
tolower
islower
strstr
isprint
srand
isxdigit
isdigit
atol
strrchr
MmIsAddressValid
ZwUnmapViewOfSection
RtlAnsiStringToUnicodeString
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
PsGetVersion
swprintf
strncmp
IoGetCurrentProcess
_wcsnicmp
wcslen
KeDelayExecutionThread
ZwCreateKey
wcscat
wcscpy
PsTerminateSystemThread
PsCreateSystemThread
_stricmp
strncpy
PsLookupProcessByProcessId
KeInitializeTimer
IofCompleteRequest
_wcslwr
wcsncpy
IoRegisterDriverReinitialization

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ